Ron Johnson <ron.l.johnson@cox.net> [2003:10:02:04:44:28-0500] scribed: > On Wed, 2003-10-01 at 23:17, ScruLoose wrote: > > On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote: > > > "Karsten M. Self" <kmself@ix.netcom.com> [2003:10:02:00:37:35+0100] scribed: > [snip] > > > That kind of executable -- one that entices a user to click on it -- is > > > just as real a threat to non-Microsoft userland, that I insist that your > > > point is not all inclusive of the threats at hand. Simply because there > > > is not yet a major, far reaching virus/worm propagating primarily from > > > Linux boxen, does not rule out the existence of a threat . . . > > > > Most non-MS users are not likely to be logged in as root when they > > check the mail, so whether some virus auto-executes or entices them to > > click on it, the damage is generally going to be pretty well contained. > > > > It's going to take a _hell_ of a lot of social engineering to convince > > me to su, provide my root password, install and run some program that > > showed up in my inbox. No matter how pretty a message it's packaged > > in. Even assuming that the user getting the infected mail _has_ the > > root password. <snip /> > Given the security model of Unix, we truly do *not* have to worry > about email viruses (or viruses coming through click-thru social- > engineering vectors). <snip /> Wrong! In fact, just this week, I am engaged with a prominent software development company, and every one of the developers develops on various Linux boxen, and every one of them insists on running as root. I also help support several neighborhood *nix users, and most of them are equally recalcitrant root account users. Yes, this is the debian-users mailing list; but, we are 31337 Linux users, and we support standards and best practices. We do not qualify, for the most part, as Joe-Average users -- and, we probably never will. Take a long, hard look at the real world *before* you knee-jerk a response to this post. IMHO, the view you will see is not far off of the mark I have just made . . . -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --
Attachment:
pgpErlq_0gEZQ.pgp
Description: PGP signature